Look for new or modified site-options.conf tokens and update your site-options.conf file as required during the upgrade process. See Site Options Change Log.

Set up a TeamForge Stage Server before you upgrade your Production Server.

Stop TeamForge services on all servers in a distributed setup while upgrading to TeamForge 18.2.

Uninstall hot fixes and add-ons, if any, before you start the TeamForge 18.2 upgrade procedure.

As a result of changes to the logging framework in Java 9, the PrintGCDetails and PrintGCTimeStamps logging options are no longer supported. Remove these options from the following tokens while upgrading to TeamForge 18.1 or later. TeamForge provision fails otherwise.

JBOSS_JAVA_OPTS

PHOENIX_JAVA_OPTS

INTEGRATION_JAVA_OPTS

ETL_JAVA_OPTS

ELASTICSEARCH_JAVA_OPTS

Don'ts

Do not customize your operating system installation. Select only the default packages list.

While upgrading TeamForge, whether in place or on new hardware, always reuse the old site-options.conf file and make changes as necessary. Do not try to start with a new site-options.conf file. Reusing the old site-options.conf avoids many potential problems, particularly around the management of usernames and passwords.

Do not manually modify TeamForge-managed site option tokens such as the AUTO_DATA token. See AUTO_DATA for more information.

If you are creating symlinks, note that you must create symlinks only to the TeamForge data directory (/opt/collabnet/teamforge/var). You should not create symlinks to TeamForge application directories (such as /opt/collabnet).

Points to Remember

Installing or upgrading TeamForge needs root privileges. You must log on as root or use a root shell to install or upgrade TeamForge.

SSL is enabled by default and a self-signed certificate is auto-generated. However, you can use a few site-options.conf tokens to adjust this behavior. To generate the SSL certificates, see Generate SSL Certificates.

For the ETL service to run as expected in a distributed TeamForge installation, all servers must have the same time zone.

If you have Git integration on a separate server, both TeamForge and Git servers must have their time and date synchronized.

While you can run both EventQ and TeamForge on the same server, CollabNet recommends such an approach only for testing purposes. It’s always recommended to run EventQ on a separate server for optimal scalability.

Installing TeamForge with service-specific FQDNs (instead of machine-specific host/domain names) is highly recommended so that you will be able to change the system landscape at a later point in time without having any impact on the URLs (in other words, end users do not have to notice or change anything). For example, you can create FQDNs specifically for services such as Subversion, Git, mail, Codesearch and so on. For more information, see Service-specific FQDNs.

All such service-specific FQDNs must be long to a single sub domain and it is recommended to create a new sub domain for TeamForge.

If you are using service-specific FQDNs

A wildcard SSL cert is required. SNI SSL cert cannot be used.

When SSL is enabled and no custom SSL certificates are provided, a self-signed wildcard cert is generated for the sub domain.

When SSL is enabled and a custom SSL certificate is provided, the CN of the certificate is verified to be a wildcard CN.

You cannot have a separate PUBLIC_FQDN for EventQ.

The ability to run separate PostgreSQL instances for TeamForge database and datamart on the same server is being deprecated in TeamForge 17.11. If you have TeamForge database and datamart on separate PostgreSQL instances on the same server and if you are upgrading on a new hardware, you must Create a Single Cluster for Both Database and Datamart while upgrading to TeamForge 17.11 or later.

While upgrading TeamForge-Git integration servers, it is important that Git master and slave servers are upgraded to the same version of TeamForge-Git integration. On sites with Git Replica Servers, you must upgrade the Git Replica Servers first and then upgrade the master Git servers.

Prepare the New TeamForge Application Server (server-01)

Install RHEL/CentOS 7.5 and log on as root.

The host must be registered with the Red Hat Network if you are using Red Hat Enterprise Linux.

In addition to the above CentOS 7.5 64 bit RPM package, you must get the following CentOS 7.5 compatibility RPM, which is required for TeamForge 18.2 disconnected media installation on CentOS 7.5 profile: compat-ctf-dc-media-1.1-1.el7.noarch.rpm.

Unpack the disconnected installation package.

rpm -Uvh <package-name>

Unpack the compat-ctf-dc-media-1.1-1.el7.noarch.rpm package if you are installing TeamForge 18.2 on CentOS 7.5.

rpm -ivh compat-ctf-dc-media-1.1-1.el7.noarch.rpm

If not mounted already, mount the RHEL/CentOS installation DVD.

The DVD contains the necessary software and utilities required for installing TeamForge without internet access. In the following commands, replace “cdrom” with the identifier for your server’s CD/DVD drive, if necessary.

cd /media/
mkdir cdrom
mount /dev/cdrom ./cdrom/

If there are any spaces in the automount, unmount it first and mount it as a filepath, with no spaces.

Create a yum configuration file that points to the RHEL/CentOS installation DVD.

Back up and Restore the Review Board Database and Data Directories

Configure the New TeamForge Application Server (server-01)

Log on to the TeamForge Application Server (server-01), set up the site-options.conf file, and provision the services.

Copy the site-options.conf file to the TeamForge installer directory.

cp /tmp/site-options.conf /opt/collabnet/teamforge/etc/

Set up your site’s master configuration file.

Important: See Site options change log for a list of site option changes. While upgrading to a latest TeamForge release, make sure that obsolete site option tokens, if any, are removed from the site-options.conf file of the TeamForge version you are upgrading to.

Warning: The Password Control Kit (PCK) disables, deletes or expires user accounts that don’t meet the password security requirements starting from the date set for the PASSWORD_CONTROL_EFFECTIVE_DATE token. If a date is not set, the PCK disables, deletes or expires user accounts immediately. See PASSWORD_CONTROL_EFFECTIVE_DATE for more information.

You can also set the following tokens to enforce a more stricter password policy:

Verify and update the list of non-expiring TeamForge user accounts (password never expires).

USERS_WITH_NO_EXPIRY_PASSWORD=admin,nobody,system,scmviewer,scmadmin

Prevent Cross-site Scripting

An attacker could potentially upload an HTML page to TeamForge that contains active code, such as JavaScript. This active code would then be executed by clients’ browsers when they view the page, which can harm the system.

To prevent an attack of this sort, you can specify whether or not HTML code is displayed in TeamForge. This flag applies to all documents, tracker, task, and forum attachments, and files in the file release system.

Set the SAFE_DOWNLOAD_MODE token according to your requirements. For more information, see SAFE_DOWNLOAD_MODE.

JAVA_OPTS

Note: All JVM parameters but -Xms1024m and -Xmx2048m have been hard-coded in the TeamForge core application. You need not manually configure any other parameter (such as -XX:MaxMetaspaceSize=512m-XX:ReservedCodeCacheSize=128M-server -XX:+HeapDumpOnOutOfMemoryError-Djsse.enableSNIExtension=false-Dsun.rmi.dgc.client.gcInterval=600000-Dsun.rmi.dgc.server.gcInterval=600000) in the site-options.conf file.

TeamForge 18.1 (and later) supports Java 9. As a result of changes to the logging framework in Java 9, the PrintGCDetails and PrintGCTimeStamps logging options are no longer supported. Remove these options from the following tokens while upgrading to TeamForge 18.1 or later.

JBOSS_JAVA_OPTS

PHOENIX_JAVA_OPTS

INTEGRATION_JAVA_OPTS

ETL_JAVA_OPTS

ELASTICSEARCH_JAVA_OPTS

TeamForge provision fails on sites that use these options post upgrade to TeamForge 18.1.

Save the site-options.conf file.

Generate the License Key

As you are upgrading on new hardware, contact CollabNet Support, generate the license key for the new server (IP address) and use it to replace /opt/collabnet/teamforge/var/etc/sflicense.txt.